FreeCalypso > hg > fc-magnetite
view src/g23m-gprs/sm/sm.h @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 22 Jul 2018 06:04:49 +0000 |
parents | 219afcfc6250 |
children |
line wrap: on
line source
/*---------------------------------------------------------------------------- | Project : 3G PS | Module : SM +----------------------------------------------------------------------------- | Copyright 2003 Texas Instruments. | All rights reserved. | | This file is confidential and a trade secret of Texas | Instruments . | The receipt of or possession of this file does not convey | any rights to reproduce or disclose its contents or to | manufacture, use, or sell anything it may describe, in | whole, or in part, without the specific written consent of | Texas Instruments. +----------------------------------------------------------------------------- | Purpose: Global definitions for the Session Management (SM) Entity. | For design details, see: | 8010.908 SM Detailed Specification +---------------------------------------------------------------------------*/ /*==== DECLARATION CONTROL =================================================*/ #ifndef _SM_H #define _SM_H //TISH modified for MSIM // #ifdef WIN32 // #define DEBUG // #endif /*#ifdef FF_EGPRS #ifndef SM_EDGE #define SM_EDGE #endif #endif */ /*FF_EGPRS*/ /*#ifdef SM_EDGE */ #define DEBUG_VERBOSE /*#endif */ /*#ifdef SM_EDGE*/ /*==== INCLUDES =============================================================*/ #include <string.h> #include <typedefs.h> #include <vsi.h> #include <gsm.h> #include <gprs.h> #include <prim.h> /*#ifndef SM_EDGE #include <trace.h> #endif */ #ifdef DEBUG #include "sm_debug.h" #endif struct T_SM_CONTEXT_DATA; #include "sm_context_control.h" #include "sm_context_deactivate_control.h" #include "sm_network_control.h" #include "sm_user_plane_control.h" #include "sm_mm_output_handler.h" /*==== CONSTS ===============================================================*/ /* CCD constant: Bit-offset from which to place coded data in buffer. */ #define ENCODE_OFFSET 16 /* Session Management Protocol Disciminator; Global (PS-wide) define? */ #define PD_SM 0x0a /* Transaction Indentifier-related definitions */ #define SM_TI_MASK 0x7f #define SM_TI_FLAG 0x80 #define SM_TI_NON_EXT_MASK 0x07 #define SM_TI_EXTEND_VALUE 0x07 #define SM_MAX_NON_EXT_TI 6 #define SM_MAX_EXT_TI 127 #define SM_TI_NONE 0xff #define SM_HIGH_VALUE 255 /* Often-used constant: max NSAPI index after NSAPI 5 offset is subtracted */ #define SM_MAX_NSAPI_OFFSET ((int)NAS_SIZE_NSAPI - (int)NAS_NSAPI_5) /* Frame parameter: Maximum timers used = number of concurrently active NSAPIs*/ #define SM_TIMER_MAX SM_MAX_NSAPI_OFFSET enum SM_CONTEXT_FLAGS { SM_CONTEXT_FLAG_COMP_PARAMS = 0x01, SM_CONTEXT_FLAG_STARTED_DURING_SUSPEND = 0x02, SM_CONTEXT_FLAG_SECONDARY_CONTEXT = 0x04, SM_CONTEXT_FLAG_PENDING_DEALLOCATION = 0x08, SM_CONTEXT_FLAG_PENDING_REACTIVATION = 0x10, SM_CONTEXT_FLAG_PFI_PRESENT = 0x20 }; typedef enum { SM_UPDATE_QOS = 0x01, SM_UPDATE_QOS_DOWNGRADE = 0x02, SM_UPDATE_ADDRESS = 0x04, SM_UPDATE_COMP_PARAMS = 0x08, SM_UPDATE_SAPI_RADIO_PRIO_PFI = 0x10 } T_SM_UPDATE_FLAGS; /*==== TYPES ================================================================*/ typedef struct { U8 c_pco_value; U8 pco_value[1]; } T_SM_pco; typedef struct { U8 tft_precence_mask; U8 c_tft_pf; /*@only@*/ /*@null@*/ T_NAS_tft_pf *ptr_tft_pf; } T_SM_tft; typedef struct { T_PS_ctrl_qos ctrl_qos; T_PS_qos qos; } T_SM_qos; /*@abstract@*/ struct T_SM_CONTEXT_DATA { U8 ti; U8 nsapi; U8 linked_ti; U8 active_timer; /* T3380, T3381, or T3390 */ U8 timeouts; U8 sapi; /* Managed by Network Control */ U8 radio_prio; /* Managed by Network Control */ U8 pdp_type; /* Managed by Network Control */ U8 pfi; /* Managed by Network Control */ U8 flags; U8 qos_rank; T_NAS_comp_params comp_params; T_CAUSE_ps_cause aci_cause; T_CAUSE_ps_cause nw_cause; T_SM_CONTEXT_CONTROL_STATE context_control_state; T_SM_CONTEXT_DEACTIVATE_CONTROL_STATE context_deactivate_control_state; T_SM_NETWORK_CONTROL_STATE network_control_state; T_SM_USER_PLANE_CONTROL_STATE user_plane_control_state; /* Fields below allocated, managed, and deallocated by Network Control */ T_SM_qos minimum_qos; T_SM_qos requested_qos; T_SM_qos accepted_qos; T_NAS_ip requested_address; T_NAS_ip negotiated_address; /*@null@*/ /*@only@*/ /*@reldef@*/ T_SMREG_apn *apn; /*@null@*/ /*@only@*/ /*@reldef@*/ T_SM_pco *requested_pco; /*@null@*/ /*@only@*/ /*@reldef@*/ T_SM_pco *negotiated_pco; T_SM_tft requested_tft; T_SM_tft active_tft; /*@null@*/ /*@only@*/ T_sdu *coded_msg; }; typedef struct { T_PS_rat sm_current_rat; T_PS_sgsn_rel sm_current_nw_release; BOOL sm_suspended; U16 sm_suspend_cause; /*sm_suspend_cause stores the cause of SM suspension. the value has meaning only when sm_suspended=true at other places the value must be set to CAUSE_MM_SUCCESS*/ BOOL sm_attached; U16 sm_context_activation_status; U16 sm_nsapis_requested_deactivated; U16 sm_nsapis_being_deactivated; /*@only@*/ /*@reldef@*/ struct T_SM_CONTEXT_DATA *sm_context_array[SM_MAX_NSAPI_OFFSET]; /*@only@*/ /*@reldef@*/ struct T_SM_CONTEXT_DATA *sm_pending_mt_array[SM_MAX_NSAPI_OFFSET]; } T_SM_DATA; #ifdef DEBUG #define M_TRANSITION(_EVENT, _FUNC) {_EVENT, _FUNC} #else #define M_TRANSITION(_EVENT, _FUNC) {_FUNC} #endif /* DEBUG */ /*==== EXPORTS ==============================================================*/ extern T_SM_DATA sm_data; #define hCommACI sm_hCommACI /* Communication handle to ACI */ #define hCommMM sm_hCommMM /* Communication handle to MM */ #define hCommUPM sm_hCommUPM /* Communication handle to UPM */ /* Communication handles */ extern T_HANDLE hCommACI; extern T_HANDLE hCommMM; extern T_HANDLE hCommUPM; extern T_HANDLE sm_handle; #define VSI_CALLER sm_handle, #define VSI_CALLER_SINGLE sm_handle /* Uniquify pei_create() */ #define pei_create sm_pei_create short sm_pei_create (T_PEI_INFO **info); /* * If all entities are linked into one module this definitions * prefixes the global data with the enity name */ #define _decodedMsg _sm_decodedMsg /* CCD coding/decoding buffer */ extern U8 _decodedMsg [MAX_MSTRUCT_LEN_SM]; #include "sm_memory_handler.h" /* Convenience functions relating to NSAPI handling */ U16 sm_nsapi2nsapi_set(int /*@alt U8@*/ nsapi) /*@*/; U16 sm_add_nsapi_to_nsapi_set(int /*@alt U8@*/ nsapi, U16 nsapi_set) /*@*/; U16 sm_remove_nsapi_from_nsapi_set(int /*@alt U8@*/ nsapi, U16 nsapi_set) /*@*/; BOOL sm_is_nsapi_in_nsapi_set(int /*@alt U8,U16@*/ nsapi, U16 nsapi_set) /*@*/; U16 /*@alt int@*/sm_nsapi_to_index(U16 /*@alt U8,int@*/nsapi) /*@*/; U16 /*@alt int@*/sm_index_to_nsapi(U16 /*@alt U8,int@*/index) /*@*/; /* Get/set current RAT and core network release */ T_PS_rat /*@alt U8@*/ sm_get_current_rat(void); void sm_set_current_rat(T_PS_rat rat); T_PS_sgsn_rel /*@alt U8@*/ sm_get_current_nw_release(void); void sm_set_current_nw_release(T_PS_sgsn_rel sgsn_rel); /* Query functions for global attached/suspended state */ BOOL sm_is_suspended(void); BOOL sm_is_attached(void); /* Set and query functions for context flags */ BOOL sm_is_secondary(struct T_SM_CONTEXT_DATA *context); void sm_set_secondary(struct T_SM_CONTEXT_DATA *); U16 sm_get_pdp_context_status(void); void sm_set_started_during_suspend(struct T_SM_CONTEXT_DATA *context); void sm_clear_started_during_suspend(struct T_SM_CONTEXT_DATA *context); BOOL sm_is_started_during_suspend(struct T_SM_CONTEXT_DATA *context) /*@*/; void sm_mark_context_for_deallocation(struct T_SM_CONTEXT_DATA *context); BOOL sm_is_context_pending_deallocation(struct T_SM_CONTEXT_DATA *context); void sm_set_context_pending_reactivation(struct T_SM_CONTEXT_DATA *, BOOL); BOOL sm_is_context_pending_reactivation(struct T_SM_CONTEXT_DATA *context); void sm_set_pfi_included(struct T_SM_CONTEXT_DATA *, BOOL); BOOL sm_is_pfi_included(struct T_SM_CONTEXT_DATA *context); BOOL sm_is_llc_sapi_valid(U8 llc_sapi, U8 ti); BOOL sm_is_aci_update_required(T_SM_UPDATE_FLAGS update_flags); BOOL sm_is_user_plane_update_required(T_SM_UPDATE_FLAGS update_flags); void sm_set_nw_cause(struct T_SM_CONTEXT_DATA *context, T_CAUSE_ctrl_value ctrl_cause, U16 cause); /*@observer@*/ T_CAUSE_ps_cause*sm_get_nw_cause(struct T_SM_CONTEXT_DATA *context); void sm_set_aci_cause(struct T_SM_CONTEXT_DATA *context, T_CAUSE_ctrl_value ctrl_cause, U16 cause); /*@observer@*/ T_CAUSE_ps_cause*sm_get_aci_cause(struct T_SM_CONTEXT_DATA *context); #endif /* _SM_H */ /*==== END OF FILE ==========================================================*/